I didn't notice this till just now, but our admin_display sub-routines are actually slightly different

I guess Alex must have re-written it for 2.05 (which is what I'm using). And I imagine you are using 2.04? (which I still have a copy of here...)
Looking at the two, I can see why you might have had trouble implementing the code I gave you. Sorry I didn't catch on sooner, well done though

Anyway, the routines are different enough to make displaying passwords rather than usernames not as easy as I had originally intended.
Can you put up with usernames for now? I'll get something together for you soon.

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

Oh ok. I didn't realise another version of DBMan had been released lately.

No thats fine. It was nearly exactly the same apart from a few lines.

Yeah I can put up with usernames for the same being. No huge big deal.

Thanks.

When were you thinking of getting round to writing a modification for that drop down menu of passwords instead of usernames?

I'm asking so that I have a rough idea when to expect something.

Well it's about 5pm now (looking at the GT Forum time... it's actually 11pm here )

Give me a few hours (I'm still at work - gotta do "work stuff" too ) can you hold out till tonight some time? (GT time that is )

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

It's 1:11pm here.

That would be great. Thanks!!

Ok, work is boring, here's the code

Original Code:
Updated Code:
That should do it.

Cheers,

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

Thanks for that but that code you gave me overwrites the code for getting the users details from users.cfg.

Can you combine the two?

Thanks so much for this Mark!!!!

P.S. NZ won the cricket!!!! ;-)

This is the code at the moment:

sub admin_display {
# --------------------------------------------------------
# Let's an admin add/update/remove users from the authorization file.
#
my ($message, @lines, $line);

# Do we have anything to do?
CASE: {
# If we've been passed in new_username, then we are adding a new user. Do
# some basic error checking and then add him into the password file.
$in{'new_username'} and do {
unless ((length($in{'new_username'}) >= 3) and (length($in{'new_username'}) <= 30) and ($in{'new_username'} =~ /^[a-zA-Z0-9]+$/)) {
$message = "Invalid username: $in{'new_username'}. Must only contain letters and numbers and be less then 12 and greater then 3 characters.";
last CASE;
}
unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 30)) {
$message = "Invalid password: '$in{'password'}'. Must be less then 12 and greater then 3 characters.";
last CASE;
}
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'password'}, $salt);
print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
last CASE;
};
# If we've been passed in delete, then we are removing a user.
# Check to make sure a user was selected then try and remove him.
###########################
$in{'delete'} and do {
unless ($in{'username'}) {
$message = "No username selected to delete.";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1) }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
($line =~ /^$in{'username'}:/) ?
($found = 1) :
print PASS $line;
}
close PASS;
if ($found) {
$message = "User: $in{'username'} deleted.";
&switch_to_user;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;

LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);

unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock

$output = '';
&switch_to_item;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;

LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);

unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock

}
else {
$message = "Unable to find userid: $in{'username'} in password file.";
}
last CASE;
};
# If we have a username, and the admin didn't press inquire, then
# we are updating a user.
($in{'username'} && !$in{'inquire'}) and do {
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;
};
};

# Now let's load the list of users.
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

if ($in{'userdetails'}) {
$db_script_link_url = "http://192.172.1.99/imvda/db.cgi?db=user&uid=$username&view_records=1";
}

# If we are inquiring, let's look for the specified user.
my (@data, $user_list, $perm, $password, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
$user_list = qq~<select name="username"><option> </option>~;
LINE: foreach $line (@lines) {
$line =~ /^#/ and next LINE;
$line =~ /^\s*$/ and next LINE;
chomp $line;
@data = split (/:/, $line);
push (@users,$data[0]);
if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
$password = $data[1];
$perm = qq|
View <input type=checkbox name="per_view" value="1" |;
($data[2] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |;
($data[3] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |;
($data[4] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |;
($data[5] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |;
($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
open (PASS, "<user.db") or &cgierr ("unable to open: user.db.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
my @user_data = <PASS>;
close PASS;
foreach $line (@user_data) {
@user_info = split(/\|/, $line);
last if ($user_info[1] eq $password);

}

$IMVDARef = $user_info[1];
$CompanyName = $user_info[2];
$PhysicalAddress = $user_info[3];
$PostalAddress = $user_info[4];
$Region = $user_info[5];
$Phone = $user_info[7];
$Fax = $user_info[8];
$CellPhone = $user_info[9];
$Email = $user_info[10];
$Website = $user_info[11];

}
}
foreach $user (sort @users) {
if ($in{'inquire'} and ($in{'username'} eq $user)) {
$user_list .= qq~<option value="$user" SELECTED>$user</option>\n~;
}
else {
$user_list .= qq~<option value="$user">$user</option>\n~;
}
}
$user_list .= "</select>";
# Build the permissions list if we haven't inquired in someone.
if (!$perm) {
$perm = qq|
View <input type=checkbox name="per_view" value="1" |; ($auth_default_perm[0] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |; ($auth_default_perm[1] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |; ($auth_default_perm[2] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |; ($auth_default_perm[3] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |; ($auth_default_perm[4] and $perm .= "CHECKED"); $perm .= qq|>|;
}
&html_admin_display ($message, $user_list, $password, $perm, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
}

Don't worry about it Mark. I no longer want a drop down list of passwords.

I think I'm going to have a few more questions for you shortly though :)

Another change for admin display.

I now want the list to stay as sernames but below that you are asked to
enter the password of the user that you have selected.

You then click on "Inquire"
and if they match (the password you entered and the real password stored in
default.pass) you can click on delete and remove the user. It still shows the
users details when you click "Inquire".

Is this possible? Can you be of any assistance in helping me do this?

I've been having a go and have added the following code to the inquire section in admin_display:

unless ($in{'password'} eq $in{'password2'}) {
$message = "passwords don't match";
}

<input type="type" name="password" value="$password" size="14">
<input type="type" name="password2" size="14">

The problem is that when you click inquire it clears the form and the value of password2 is back to "null". How can it keep this value or am I doing it a completely wrong way?

LOL, sorry I completely forgot about that
(work does that too you )

Yay!

You can get rid of that "password2" field and just use the original filed.

That should do it... (and I remembered the new code too )

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

Thanks again Mark. I don't know what I'd do without you!!! :)

Does that mean I now just have a field on the admin page like this:

<input type="type" name="password" value="$password" size="14">

That's right

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

Cool thanks.

I'll let you know in the morning whether I was successfull or not. It doesn't look like much code needs changing so hopefully it won't take too long.

Just to explain myself again in case we have misunderstood each other I have draw and scanned a picture in of what I want. It can be viewed at: http://server5.hypermart.net/philipclark/admin.jpg

As you can see you start off by selecting a username from the list and then you enter the users password. If the password that you selected matches the one in default.pass you are aloud to delete the user and it displays their details. If not it brings up an error saying the passwords don't match.

Is what you've done match what I've said above?

Basically...

What you do is select a username from the list. If you press "Inquire" it won't show you the details unless you enter the password in the "password" box as well.

"But what about the delete button?" you ask...
"I knew I forgot something" I reply

Ok, In the delete section of the routine...

Find the code:
And replace with:
Hopefully that will do it, and hopefully my memory will improve . Again, I've highlighted the changes in red.

Cheers,

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/

Yes thats right.

Oh cool. I'm glad you thought of that now. That won't effect the mod that I added that removes all the items associated with a user along with all the users details will it?

Thanks again Mark

Hi Mark,

It works great but there are two bugs. The first one is that even if the password is entered
correctly it shows the message "passwords don't match".

The other one is that when a user has been successfully deleted it doesn't show the message "User: ???? deleted". It still
shows "passwords don't match" when the user has been successfully deleted.

The code is shown below if that helps:

----

sub admin_display {
# --------------------------------------------------------
# Let's an admin add/update/remove users from the authorization file.
#
my ($message, @lines, $line);

# Do we have anything to do?
CASE: {
# If we've been passed in new_username, then we are adding a new user. Do
# some basic error checking and then add him into the password file.
$in{'new_username'} and do {
unless ((length($in{'new_username'}) >= 3) and (length($in{'new_username'}) <= 30) and ($in{'new_username'} =~ /^[a-zA-Z0-9]+$/)) {
$message = "Invalid username: $in{'new_username'}. Must only contain letters and numbers and be less then 12 and greater then 3 characters.";
last CASE;
}
unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 30)) {
$message = "Invalid password: '$in{'password'}'. Must be less then 12 and greater then 3 characters.";
last CASE;
}
open (PASS, ">>$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
my $encrypted = crypt($in{'password'}, $salt);
print PASS "$in{'new_username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
close PASS;
$message = "User: $in{'new_username'} created.";
last CASE;
};
# If we've been passed in delete, then we are removing a user.
# Check to make sure a user was selected then try and remove him.
###########################
$in{'delete'} and do {
unless ($in{'username'}) {
$message = "No username selected to delete.";
last CASE;
}
unless ($in{'password'}) {
$message = "No password supplied";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1) }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if (($line =~ /:$in{'password'}:/) && ($line =~ /^$in{'username'}:/)) {
$found = 1;
}
else {
print PASS $line;
}
}
close PASS;
if ($found) {
$message = "User: $in{'username'} deleted.";
&switch_to_user;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;

LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);

unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock

$output = '';
&switch_to_item;
open (DB, "<$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) { flock(DB, 1); }
@lines = <DB>;
close DB;

LINE: foreach $line (@lines) {
if ($line =~ /^$/) { next LINE; }
if ($line =~ /^#/) { $output .= $line; next LINE; }
chomp ($line);
@data = &split_decode($line);

unless ($data[$auth_user_field] eq $in{'username'}) {
$output .= $line . "\n";
}
}
open (DB, ">$db_file_name") or &cgierr("unable to open db file: $db_file_name.\nReason: $!");
if ($db_use_flock) {
flock(DB, 2) or &cgierr("unable to get exclusive lock on $db_file_name.\nReason: $!");
}
print DB $output;
close DB; # automatically removes file lock

}
else {
$message = "Unable to find userid: $in{'username'} in password file.";
}
last CASE;
};
# If we have a username, and the admin didn't press inquire, then
# we are updating a user.
($in{'username'} && !$in{'inquire'}) and do {
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$in{'password'}:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated.") :
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;
};
};

# Now let's load the list of users.
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

if ($in{'userdetails'}) {
$db_script_link_url = "http://192.172.1.99/imvda/db.cgi?db=user&uid=$username&view_records=1";
}

# If we are inquiring, let's look for the specified user.
my (@data, $user_list, $perm, $password, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
$user_list = qq~<select name="username"><option> </option>~;
unless ($in{'password'} eq $in{'password2'}) {
$message = "passwords don't match";
}
LINE: foreach $line (@lines) {
$line =~ /^#/ and next LINE;
$line =~ /^\s*$/ and next LINE;
chomp $line;
@data = split (/:/, $line);
push (@users,$data[0]);
if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
if ($in{'password'} eq $data[1]) {
$password = $data[1];
$perm = qq|
View <input type=checkbox name="per_view" value="1" |;
($data[2] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |;
($data[3] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |;
($data[4] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |;
($data[5] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |;
($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
open (PASS, "<user.db") or &cgierr ("unable to open: user.db.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
my @user_data = <PASS>;
close PASS;
foreach $line (@user_data) {
@user_info = split(/\|/, $line);
last if ($user_info[1] eq $password);

}

$IMVDARef = $user_info[1];
$CompanyName = $user_info[2];
$PhysicalAddress = $user_info[3];
$PostalAddress = $user_info[4];
$Region = $user_info[5];
$Phone = $user_info[7];
$Fax = $user_info[8];
$CellPhone = $user_info[9];
$Email = $user_info[10];
$Website = $user_info[11];
} else {
$message = 'Password does not match!';
}
}
}
foreach $user (sort @users) {
if ($in{'inquire'} and ($in{'username'} eq $user)) {
$user_list .= qq~<option value="$user" SELECTED>$user</option>\n~;
}
else {
$user_list .= qq~<option value="$user">$user</option>\n~;
}
}
$user_list .= "</select>";
# Build the permissions list if we haven't inquired in someone.
if (!$perm) {
$perm = qq|
View <input type=checkbox name="per_view" value="1" |; ($auth_default_perm[0] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |; ($auth_default_perm[1] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |; ($auth_default_perm[2] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |; ($auth_default_perm[3] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |; ($auth_default_perm[4] and $perm .= "CHECKED"); $perm .= qq|>|;
}
&html_admin_display ($message, $user_list, $password, $perm, $IMVDARef, $CompanyName, $PhysicalAddress, $PostalAddress, $Region, $Phone, $Fax, $CellPhone, $Email, $Website);
}

One other thing. I have two "confirm" boxes that are brought up when you click "Delete".
If the password that is entered is incorrect or you don't supply a password it still brings
up these confirm boxes and then displays "passwords don't match". What can be done so that
it doesn't display the confirm boxes if the password that was entered was incorrect or
not supplied?

I managed to solve one of the problems with it bringing up "passwords don't match" all the time by adding this code:

$message = "";

Here is the code for the confirm statements if that helps:


<script language="javascript">

function deletedealer() {
if (confirm("Are you sure you want to delete: $CompanyName? Doing so will remove all $CompanyName 's records!"))
{
if(confirm("Are you really sure? Once you've done this $CompanyName 's data will be lost for good!"))
{
return true;
}
else
{
return false;
}
}
else {
return false;
}
}

</script>

I've got everything working by myself so don't worry about it Mark.

Now this is really wierd. If I use this code:

<input type=submit name=delete value="Delete Dealer Now" onclick="return deletedealer()">

it works fine and brings up the "confirm" box, etc but if I use this code:

<INPUT TYPE="IMAGE" name="delete" value="Delete Dealer Now" SRC="images/b_delete.gif" onclick="return deletedealer()">
<input type="hidden" name="delete" value="Delete Dealer Now">

it doesn't and just deletes the user as soon as "inquire" is clicked.

Why would it be doing this?

You'll have to re-write the form a bit. The general way of using images to submit forms is to wrap them in an A with an "onClick".

Try the following:That should do it.

- Mark


Astro-Boy!!
http://www.zip.com.au/~astroboy/